ammyyadmin | 96feb1ddff0a9845114a0f963faf7740876135ac82c4102c35a40c36fa54cbd9 | Triage

Submit
Reports

Overview

overview

Static

static

Device/Har....5.exe

windows7-x64

Device/Har....5.exe

windows10-2004-x64

Sharing

General

Target

AA_v3.5.exe
Size

391KB
Sample

230504-nhbpzaca22
MD5

0b49021f9776f2074772315a630ad0c8
SHA1

fda7ec8cb93d29be4b1efe64ce8a5bde7ea1b10c
SHA256

96feb1ddff0a9845114a0f963faf7740876135ac82c4102c35a40c36fa54cbd9
SHA512

3c45daa90cba741ed19d281e65e19446a83b7ee5e824621cc4876ed41200ba9215dd4f19df76090628b034fe0777022e44bf90df22c4c5faaf520c78dc2d0840
SSDEEP

12288:GRy8QRRxXskUv0ppP/y/DEpeJpGjDXpiFsbsmOg:i9040fX1igZ

Score

10^/10

ammyyadmin flawedammyy trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume6/UB_AHO_AG/albinopm/SCAN/Animol Lukose/jpeg/sent/AA_v3.5.exe

Resource

win7-20230220-en

flawedammyy trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume6/UB_AHO_AG/albinopm/SCAN/Animol Lukose/jpeg/sent/AA_v3.5.exe

Resource

win10v2004-20230220-en

flawedammyy trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume6/UB_AHO_AG/albinopm/SCAN/Animol Lukose/jpeg/sent/AA_v3.5.exe
- Size
  
  746KB
- MD5
  
  f8cd52b70a11a1fb3f29c6f89ff971ec
- SHA1
  
  6a0c46818a6a10c2c5a98a0cce65fbaf95caa344
- SHA256
  
  6f2258383b92bfaf425f49fc7a5901bfa97a334de49ce015cf65396125c13d20
- SHA512
  
  987b6b288a454b6198d4e7f94b7bba67cafe37f9654cd3cd72134a85958efd2125596ae48e66a8ee49ee3f4199dac7f136e1831f2bf4015f25d2980f0b866abe
- SSDEEP
  
  12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX
Score

10^/10

flawedammyy trojan
- FlawedAmmyy RAT
  Remote-access trojan based on leaked code for the Ammyy remote admin software.
  trojan flawedammyy
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

flawedammyytrojan

behavioral2

flawedammyytrojan

© 2018-2024

Terms | Privacy